Secure login to the forums

[rickvanderzwet]

Dear Forum maintainers,

Congrats with the forum to start with, next why is the forum login not secured by https? I personally do not like my credentials send over the wire unencrypted.

 

[lme@]

Hi Rick,

just try: https://forums.freebsd.org/

cheers

Lars

 

[Nagilum]

Free SSL Certs are available at https://www.cacert.org .

 

[graudeejs]

Secure Connection Failed
forums.freebsd.org uses an invalid security certificate.

The certificate is not trusted because it is self signed.

(Error code: sec_error_ca_cert_invalid)
    * This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.

    * If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.

          Or you can add an exception…

For bough links mentioned above

 

[Daemony]

killasmurf86, so what?
Read your quote once again:

Or you can add an exception…

 

[graudeejs]

Just making shore admins know

 

[rickvanderzwet]

Full cert path not published

just try: https://forums.freebsd.org/

Ewk, self signed certificates, could this pretty please (big bamby eyes) be fixed and get some decent certificate installed (CaCert will do)

$ openssl s_client -connect forums.freebsd.org:443
CONNECTED(00000003)
depth=0 /C=US/ST=CO/L=Denver/O=FreeBSD.org/CN=forums.freebsd.org
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=CO/L=Denver/O=FreeBSD.org/CN=forums.freebsd.org
verify return:1
...

Redirecting the login page to a https secured envirionment should also be a nice idea

 

[DutchDaemon]

Are you sure cacert will actually do?

www.cacert.org:443 uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.

(Error code: sec_error_unknown_issuer)

:stud

 

[hark]

Are you sure cacert will actually do?

www.cacert.org:443 uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.

(Error code: sec_error_unknown_issuer)

:stud

Arguably, that's just Mozilla being a dick about their PKI. Having a certificate which is verifiable by any third-party authority (well-established or not) is leagues better than a self-signed certificate.

 

[aliangshisb81743]

jordan shoes

is jordan shoes good enough for play basketball?